package com.dhcc.core.framework.security;

import com.alibaba.fastjson.JSONObject;
import com.dhcc.core.framework.util.CommonUtil;
import com.dhcc.core.framework.util.JsonUtil;
import com.dhcc.core.framework.util.SpringContextHolder;
import com.dhcc.core.modules.system.entity.User;

import org.apache.shiro.subject.Subject;
import org.springframework.core.env.Environment;

import cn.hutool.http.HttpRequest;

/**
 * 系统中最终鉴权就在这里了
 */
public class PermissionKit {
    final static String TYPE_COMMON = "common";
    final static String TYPE_REMOTE = "remote";

    /**
     * 验证当前用户是否属于该角色
     *
     * @param subject
     * @param roleName 角色名
     * @return 属于该角色：true，否则false
     */
    public static boolean hasRole(Subject subject, String roleName) {
        Environment env = SpringContextHolder.getBean(Environment.class);
        String type = env.getProperty("sys.permission.type", TYPE_COMMON);
        if (CommonUtil.equals(TYPE_REMOTE, type)) {
            String url = env.getProperty("sys.permission.checkRoleUrl");
            String sysCode = env.getProperty("sys.permission.sysCode");
            if (CommonUtil.isEmpty(url)||CommonUtil.isEmpty(sysCode)) {
                return false;
            }
            User user = (User) subject.getPrincipals().getPrimaryPrincipal();
            if(CommonUtil.isEmpty(user)){
                return false;
            }
            if (user.isAdmin()) {
                return true;
            }
            JSONObject jo = JsonUtil.createObj();
            jo.put("sysCode", sysCode);
            jo.put("userCode", user.getUserCode());
            jo.put("roleCode", roleName);
            String result = HttpRequest.post(url).body(jo.toJSONString()).execute().body();
            if(CommonUtil.isEmpty(result)){
                return false;
            }else{
                JSONObject res = JsonUtil.parseObj(result);
                Integer status = res.getInteger("status");
                if(status==1){
                    return true;
                }
                return false;
            }
        } else {
            return subject != null && roleName != null && roleName.length() > 0 && subject.hasRole(roleName);
        }
    }

    /**
     * 验证当前用户是否拥有指定权限
     *
     * @param subject
     * @param permission 权限名
     * @return 拥有权限：true，否则false
     */
    public static boolean hasPermission(Subject subject, String permission) {
        Environment env = SpringContextHolder.getBean(Environment.class);
        String type = env.getProperty("sys.permission.type", TYPE_COMMON);
        if (CommonUtil.equals(TYPE_REMOTE, type)) {
            String url = env.getProperty("sys.permission.checkPermissionUrl");
            String sysCode = env.getProperty("sys.permission.sysCode");
            if (CommonUtil.isEmpty(url)||CommonUtil.isEmpty(sysCode)) {
                return false;
            }
            User user = (User) subject.getPrincipals().getPrimaryPrincipal();
            if(CommonUtil.isEmpty(user)){
                return false;
            }
            if (user.isAdmin()) {
                return true;
            }
            JSONObject jo = JsonUtil.createObj();
            jo.put("sysCode", sysCode);
            jo.put("userCode", user.getUserCode());
            jo.put("perCode", permission);
            String result = HttpRequest.post(url).body(jo.toJSONString()).execute().body();
            if(CommonUtil.isEmpty(result)){
                return false;
            }else{
                JSONObject res = JsonUtil.parseObj(result);
                Integer status = res.getInteger("status");
                if(status==1){
                    return true;
                }
                return false;
            }
        } else {
            return subject != null && permission != null && permission.length() > 0 && subject.isPermitted(permission);
        }
    }

}
